Announcement

Collapse
No announcement yet.

Cloaking crashes computer

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cloaking crashes computer

    Using YASU 7080 (also tried 7070) to cloak a daemon tools drive, I get a complete memory dump (the so called "dreaded blue screen of death"). Not being the most technically gifted computer user, I was wondering if anyone has had a similar problem and how I might solve this. Cheers for any help.

  • #2
    Could you attach the latest minidump (normally c:\windows\minidump where c: is your drive letter and windows is the windows folder which may have another name)
    Make something idiot proof, but then they just make a better idiot
    Peace Through Power

    Comment


    • #3
      I used some Windows debugger program to load up this. Wasn't quite sure what information you need to help so I've just copied it all. I hope it makes more sense to you than it does me, haha. Thanks for replying.


      Loading Dump File [C:\WINDOWS\Minidump\Mini073007-01.dmp]
      Mini Kernel Dump File: Only registers and stack trace are available

      Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
      Executable search path is:
      Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
      Product: WinNt, suite: TerminalServer SingleUserTS
      Built by: 2600.xpsp_sp2_gdr.070227-2254
      Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
      Debug session time: Mon Jul 30 17:07:22.812 2007 (GMT+0)
      System Uptime: 0 days 1:03:18.382
      Loading Kernel Symbols
      .................................................. .................................................. ............................................
      Loading User Symbols
      Loading unloaded module list
      ..............
      Unable to load image mvstdi5x.sys, Win32 error 0n2
      *** WARNING: Unable to verify timestamp for mvstdi5x.sys
      *** ERROR: Module load completed but symbols could not be loaded for mvstdi5x.sys
      ************************************************** *****************************
      * *
      * Bugcheck Analysis *
      * *
      ************************************************** *****************************

      Use !analyze -v to get detailed debugging information.

      BugCheck 100000D1, {3, 2, 0, f7752917}

      Unable to load image gwausb.sys, Win32 error 0n2
      *** WARNING: Unable to verify timestamp for gwausb.sys
      *** ERROR: Module load completed but symbols could not be loaded for gwausb.sys


      Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

      Followup: MachineOwner
      ---------

      kd> !analyze -v
      ************************************************** *****************************
      * *
      * Bugcheck Analysis *
      * *
      ************************************************** *****************************

      DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
      An attempt was made to access a pageable (or completely invalid) address at an
      interrupt request level (IRQL) that is too high. This is usually
      caused by drivers using improper addresses.
      If kernel debugger is available get stack backtrace.
      Arguments:
      Arg1: 00000003, memory referenced
      Arg2: 00000002, IRQL
      Arg3: 00000000, value 0 = read operation, 1 = write operation
      Arg4: f7752917, address which referenced memory

      Debugging Details:
      ------------------




      READ_ADDRESS: 00000003

      CURRENT_IRQL: 2

      FAULTING_IP:
      mvstdi5x+2917
      f7752917 8a16 mov dl,byte ptr [esi]

      CUSTOMER_CRASH_COUNT: 1

      DEFAULT_BUCKET_ID: DRIVER_FAULT

      BUGCHECK_STR: 0xD1

      PROCESS_NAME: Idle

      LAST_CONTROL_TRANSFER: from f775216e to f7752917

      STACK_TEXT:
      WARNING: Stack unwind information not available. Following frames may be wrong.
      8054fffc f775216e 00000062 8420c164 80550058 mvstdi5x+0x2917
      80550028 f77525a6 834bdf68 80550058 8055005c mvstdi5x+0x216e
      8055004c f7752708 834bdf30 8420c164 00000080 mvstdi5x+0x25a6
      8055006c f7759b38 834bdf30 83501108 00000084 mvstdi5x+0x2708
      80550090 804e3d38 84064738 834c7cd8 841eaf40 mvstdi5x+0x9b38
      805500c0 f2a46ad2 8369eea0 83420e70 83420e74 nt!IopfCompleteRequest+0xa2
      805500d8 f2a4b6ac 834c7cd8 00000000 00000084 tcpip!TCPDataRequestComplete+0xa6
      80550114 f2a4b75f 00000000 00000002 00000000 tcpip!CompleteRcvs+0xf1
      80550138 f2a42a08 00000002 00000002 80550164 tcpip!ProcessPerCpuTCBDelayQ+0x6b
      8055016c f2a4294f 00000002 f2a42901 f2a423d6 tcpip!ProcessTCBDelayQ+0xc4
      80550178 f2a423d6 00000000 84189ad0 f7785058 tcpip!TCPRcvComplete+0x20
      80550184 f7785058 f737ed40 0cabb1e5 f6e16b40 tcpip!IPRcvComplete+0x21
      80550188 f737ed40 0cabb1e5 f6e16b40 8416f908 wanarp!WanNdisReceiveComplete+0x6
      805501d8 f6e1101d 0044f6e8 83cc4c28 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x5a4
      805501ec f6e111b4 84189ad0 83cc4c28 00000001 psched!PsFlushReceiveQueue+0x15
      80550210 f6e115f9 8416f910 00000000 84189ad0 psched!PsEnqueueReceivePacket+0xda
      80550228 f737ed40 8416f908 834eb008 8376c498 psched!ClReceiveComplete+0x13
      80550278 f6e27c59 0044f6e8 805502b8 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x5a4
      805502ac f6e27f15 0276c498 83761130 8376c498 ndiswan!IndicateRecvPacket+0x2af
      805502e0 f6e283c2 8376c498 834ad808 0000003a ndiswan!ProcessPPPFrame+0x193
      805502fc f6e25e51 834c9430 834ad808 841b9b98 ndiswan!ReceivePPP+0x76
      80550320 f73798f5 00000001 83d4d008 0000003a ndiswan!ProtoWanReceiveIndication+0x106
      80550344 f287af5a 80550370 02dd7ad0 00000001 NDIS!NdisMWanIndicateReceive+0x54
      80550368 f28767a4 0000003a 84064c70 83636e30 gwausb+0x4f5a
      80550388 f7374fca 00000000 83dd3008 00000000 gwausb+0x7a4
      805503ac 804dbbd4 83dd3078 83dd3050 186a3b48 NDIS!ndisMTimerDpcX+0x7a
      805503d0 804dbb4d 00000000 0000000e 00000000 nt!KiRetireDpcList+0x46
      805503d4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x26


      STACK_COMMAND: kb

      FOLLOWUP_IP:
      mvstdi5x+2917
      f7752917 8a16 mov dl,byte ptr [esi]

      SYMBOL_STACK_INDEX: 0

      SYMBOL_NAME: mvstdi5x+2917

      FOLLOWUP_NAME: MachineOwner

      MODULE_NAME: mvstdi5x

      IMAGE_NAME: mvstdi5x.sys

      DEBUG_FLR_IMAGE_TIMESTAMP: 41377210

      FAILURE_BUCKET_ID: 0xD1_mvstdi5x+2917

      BUCKET_ID: 0xD1_mvstdi5x+2917

      Followup: MachineOwner
      ---------

      Comment


      • #4
        You don't have a newer minidump as this one from Jul 30 2007?
        Make something idiot proof, but then they just make a better idiot
        Peace Through Power

        Comment


        • #5
          My bad. Here's one from today.

          Loading Dump File [C:\WINDOWS\Minidump\Mini121807-02.dmp]
          Mini Kernel Dump File: Only registers and stack trace are available

          Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
          Executable search path is:
          Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
          Product: WinNt, suite: TerminalServer SingleUserTS
          Built by: 2600.xpsp_sp2_gdr.070227-2254
          Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
          Debug session time: Tue Dec 18 12:53:20.046 2007 (GMT+0)
          System Uptime: 0 days 1:06:41.627
          Loading Kernel Symbols
          .................................................. .................................................. .................................................
          Loading User Symbols
          Loading unloaded module list
          ...............
          ************************************************** *****************************
          * *
          * Bugcheck Analysis *
          * *
          ************************************************** *****************************

          Use !analyze -v to get detailed debugging information.

          BugCheck 1000007E, {c0000005, 805d4a1a, ef98b934, ef98b630}

          Unable to load image drvmcdb.sys, Win32 error 0n2
          *** WARNING: Unable to verify timestamp for drvmcdb.sys
          *** ERROR: Module load completed but symbols could not be loaded for drvmcdb.sys


          Probably caused by : drvmcdb.sys ( drvmcdb+d8ac )

          Followup: MachineOwner
          ---------

          kd> !analyze -v
          ************************************************** *****************************
          * *
          * Bugcheck Analysis *
          * *
          ************************************************** *****************************

          SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
          This is a very common bugcheck. Usually the exception address pinpoints
          the driver/function that caused the problem. Always note this address
          as well as the link date of the driver/image that contains this address.
          Some common problems are exception code 0x80000003. This means a hard
          coded breakpoint or assertion was hit, but this system was booted
          /NODEBUG. This is not supposed to happen as developers should never have
          hardcoded breakpoints in retail code, but ...
          If this happens, make sure a debugger gets connected, and the
          system is booted /DEBUG. This will let us see why this breakpoint is
          happening.
          Arguments:
          Arg1: c0000005, The exception code that was not handled
          Arg2: 805d4a1a, The address that the exception occurred at
          Arg3: ef98b934, Exception Record Address
          Arg4: ef98b630, Context Record Address

          Debugging Details:
          ------------------




          EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

          FAULTING_IP:
          nt!RtlpCallQueryRegistryRoutine+149
          805d4a1a 668b01 mov ax,word ptr [ecx]

          EXCEPTION_RECORD: ef98b934 -- (.exr 0xffffffffef98b934)
          ExceptionAddress: 805d4a1a (nt!RtlpCallQueryRegistryRoutine+0x00000149)
          ExceptionCode: c0000005 (Access violation)
          ExceptionFlags: 00000000
          NumberParameters: 2
          Parameter[0]: 00000000
          Parameter[1]: 00000000
          Attempt to read from address 00000000

          CONTEXT: ef98b630 -- (.cxr 0xffffffffef98b630)
          eax=00000001 ebx=e1162898 ecx=00000000 edx=ef98bce8 esi=00000000 edi=e1162898
          eip=805d4a1a esp=ef98b9fc ebp=ef98ba28 iopl=0 nv up ei pl zr na pe nc
          cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
          nt!RtlpCallQueryRegistryRoutine+0x149:
          805d4a1a 668b01 mov ax,word ptr [ecx] ds:0023:00000000=????
          Resetting default scope

          CUSTOMER_CRASH_COUNT: 2

          PROCESS_NAME: System

          ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

          READ_ADDRESS: 00000000

          BUGCHECK_STR: 0x7E

          DEFAULT_BUCKET_ID: NULL_DEREFERENCE

          LAST_CONTROL_TRANSFER: from 8059693f to 805d4a1a

          STACK_TEXT:
          ef98ba28 8059693f ef98bce8 00000000 ef98ba88 nt!RtlpCallQueryRegistryRoutine+0x149
          ef98ba8c f733a8ac c0000034 00000084 00000001 nt!RtlQueryRegistryValues+0x26f
          WARNING: Stack unwind information not available. Following frames may be wrong.
          ef98bd34 f733c3b0 00000da4 f7340380 00000002 drvmcdb+0xd8ac
          ef98bdac 8057d0f1 f1ee59f8 00000000 00000000 drvmcdb+0xf3b0
          83d2c9e0 00000000 83d2c9e8 83d2c9e8 83d2c9f0 nt!PspSystemThreadStartup+0x34


          FOLLOWUP_IP:
          drvmcdb+d8ac
          f733a8ac ?? ???

          SYMBOL_STACK_INDEX: 2

          SYMBOL_NAME: drvmcdb+d8ac

          FOLLOWUP_NAME: MachineOwner

          MODULE_NAME: drvmcdb

          IMAGE_NAME: drvmcdb.sys

          DEBUG_FLR_IMAGE_TIMESTAMP: 4269810a

          STACK_COMMAND: .cxr 0xffffffffef98b630 ; kb

          FAILURE_BUCKET_ID: 0x7E_drvmcdb+d8ac

          BUCKET_ID: 0x7E_drvmcdb+d8ac

          Followup: MachineOwner
          ---------

          Comment


          • #6
            @sparetheman
            Please have a look at this thread.
            Maybe you have a smiliar problem with some Sonic product.
            I'm not employed by Disc Soft and my views do not necessarily reflect the ones of the company.

            Comment


            • #7
              Might want to check out the comments from the link below about that file, too.

              drvmcdb.sys is not essential for Windows 10/11/7 and will often cause problems. Click here to see what drvmcdb is doing, and how to remove drvmcdb.sys.

              Comment


              • #8
                Thanks a lot for the advice guys. I think I've sorted it out now.

                Comment

                Working...
                X